Bug 1252154: Delay allocation metadata collection for inline typed objects. r=sfink
authorJim Blandy <jimb@mozilla.com>
Wed, 02 Mar 2016 16:09:00 -0800
changeset 324971 764ae482c00774494774cf23c819d7d6e58efcdd
parent 324970 efae40ee27c8730b77490e0c5a2b5c2aabb418ed
child 324972 7dec4b377e6b789e357ed2326852a901c3281a95
push id1128
push userjlund@mozilla.com
push dateWed, 01 Jun 2016 01:31:59 +0000
treeherdermozilla-release@fe0d30de989d [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssfink
bugs1252154
milestone47.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1252154: Delay allocation metadata collection for inline typed objects. r=sfink
js/src/builtin/TypedObject.cpp
js/src/jit-test/tests/gc/bug-1252103.js
js/src/jit-test/tests/gc/bug-1252154.js
--- a/js/src/builtin/TypedObject.cpp
+++ b/js/src/builtin/TypedObject.cpp
@@ -1584,16 +1584,18 @@ OutlineTypedObject::createDerived(JSCont
     return obj;
 }
 
 /*static*/ TypedObject*
 TypedObject::createZeroed(JSContext* cx, HandleTypeDescr descr, int32_t length, gc::InitialHeap heap)
 {
     // If possible, create an object with inline data.
     if ((size_t) descr->size() <= InlineTypedObject::MaximumSize) {
+        AutoSetNewObjectMetadata metadata(cx);
+
         InlineTypedObject* obj = InlineTypedObject::create(cx, descr, heap);
         if (!obj)
             return nullptr;
         descr->initInstances(cx->runtime(), obj->inlineTypedMem(), 1);
         return obj;
     }
 
     // Create unattached wrapper object.
@@ -2129,16 +2131,18 @@ InlineTypedObject::create(JSContext* cx,
     NewObjectKind newKind = (heap == gc::TenuredHeap) ? TenuredObject : GenericObject;
     return NewObjectWithGroup<InlineTypedObject>(cx, group, allocKind, newKind);
 }
 
 /* static */ InlineTypedObject*
 InlineTypedObject::createCopy(JSContext* cx, Handle<InlineTypedObject*> templateObject,
                               gc::InitialHeap heap)
 {
+    AutoSetNewObjectMetadata metadata(cx);
+
     Rooted<TypeDescr*> descr(cx, &templateObject->typeDescr());
     InlineTypedObject* res = create(cx, descr, heap);
     if (!res)
         return nullptr;
 
     memcpy(res->inlineTypedMem(), templateObject->inlineTypedMem(), templateObject->size());
     return res;
 }
@@ -2238,20 +2242,20 @@ OutlineTransparentTypedObject::getOrCrea
         return &owner().as<ArrayBufferObject>();
     return owner().as<InlineTransparentTypedObject>().getOrCreateBuffer(cx);
 }
 
 /******************************************************************************
  * Typed object classes
  */
 
-#define DEFINE_TYPEDOBJ_CLASS(Name, Trace)        \
+#define DEFINE_TYPEDOBJ_CLASS(Name, Trace, flag)         \
     const Class Name::class_ = {                         \
         # Name,                                          \
-        Class::NON_NATIVE, \
+        Class::NON_NATIVE | flag,                        \
         nullptr,        /* addProperty */                \
         nullptr,        /* delProperty */                \
         nullptr,        /* getProperty */                \
         nullptr,        /* setProperty */                \
         nullptr,        /* enumerate   */                \
         nullptr,        /* resolve     */                \
         nullptr,        /* mayResolve  */                \
         nullptr,        /* finalize    */                \
@@ -2271,20 +2275,22 @@ OutlineTransparentTypedObject::getOrCrea
             TypedObject::obj_deleteProperty,             \
             nullptr, nullptr, /* watch/unwatch */        \
             nullptr,   /* getElements */                 \
             TypedObject::obj_enumerate,                  \
             nullptr, /* thisValue */                     \
         }                                                \
     }
 
-DEFINE_TYPEDOBJ_CLASS(OutlineTransparentTypedObject, OutlineTypedObject::obj_trace);
-DEFINE_TYPEDOBJ_CLASS(OutlineOpaqueTypedObject,      OutlineTypedObject::obj_trace);
-DEFINE_TYPEDOBJ_CLASS(InlineTransparentTypedObject,  InlineTypedObject::obj_trace);
-DEFINE_TYPEDOBJ_CLASS(InlineOpaqueTypedObject,       InlineTypedObject::obj_trace);
+DEFINE_TYPEDOBJ_CLASS(OutlineTransparentTypedObject, OutlineTypedObject::obj_trace, 0);
+DEFINE_TYPEDOBJ_CLASS(OutlineOpaqueTypedObject,      OutlineTypedObject::obj_trace, 0);
+DEFINE_TYPEDOBJ_CLASS(InlineTransparentTypedObject,  InlineTypedObject::obj_trace,
+                      JSCLASS_DELAY_METADATA_CALLBACK);
+DEFINE_TYPEDOBJ_CLASS(InlineOpaqueTypedObject,       InlineTypedObject::obj_trace,
+                      JSCLASS_DELAY_METADATA_CALLBACK);
 
 static int32_t
 LengthForType(TypeDescr& descr)
 {
     switch (descr.kind()) {
       case type::Scalar:
       case type::Reference:
       case type::Struct:
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/gc/bug-1252103.js
@@ -0,0 +1,19 @@
+// Bug 1252103: Inline typed array objects need delayed metadata collection.
+// Shouldn't crash.
+
+function foo() {
+    enableTrackAllocations();
+    gczeal(2, 10);
+    TO = TypedObject;
+    PointType = new TO.StructType({
+        y: TO.float64,
+        name: TO.string
+    })
+    LineType = new TO.StructType({
+        PointType
+    })
+    function testBasic() new LineType;
+    testBasic();
+}
+evaluate("foo()");
+
new file mode 100644
--- /dev/null
+++ b/js/src/jit-test/tests/gc/bug-1252154.js
@@ -0,0 +1,8 @@
+// Bug 1252154: Inline typed array objects need delayed metadata collection.
+// Shouldn't crash.
+
+gczeal(7,1);
+enableShellObjectMetadataCallback();
+var T = TypedObject;
+var AT = new T.ArrayType(T.Any,10);
+var v = new AT();